Sending a SIGHUP while Suricata is Processing a PCAP Causes Suricata to crash

I’m trying to rotate the Suricata log file but often cause Suricata to crash. I’m running 6.0.13.

The command I used to start Suricata:

/usr/bin/suricata -k none -v -c /opt/capture/conf/suricata/suricata.yml --unix-socket --pidfile /var/run/suricata/suricata.pid

I sent a kill -HUP to Suricata.
SIGHUP sent at 2023-09-12;20:38:06 to Suricata process (PID: 27757).

Suricata crashes and the suricata.log file doesn’t show any errors.

From journalctl:

Sep 12 20:38:07 auto01-cs01 kernel: FM#01[74885]: segfault at 7fb800000089 ip 000000000050a1b3 sp 00007fb87d7f9a40 error 6 in suricata[400000+576000]

A few other notes:

  • This occurs with or without signatures.
  • This occurs both when I rename the suricata.log file and then send the SIGHUP and when I send the SIGHUP without a rename.

Any ideas on what I should try or what I’m possibly doing wrong? Thanks!

Hi!
Is it possible for you to check and report if this issue also exists in suricata 6.0.14?

Hi,
In addition to @sbhardwaj’s suggestion, a stack trace would be very helpful.

Simply start suricata as follows:

gdb -ex run --args /usr/bin/suricata -k none -v -c /opt/capture/conf/suricata/suricata.yml --unix-socket --pidfile /var/run/suricata/suricata.pid

Send the signal; if suricata crashes do this:

(gdb) bt

bt is the “backtrace” command and will display the stack of the thread that caused the crash.
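
The kernel segfault line quoted from journalctl in the first post can be decoded before a backtrace is available. This is an added example, not part of any post in this thread and not Suricata project code; `decode_segfault` is a hypothetical helper, and the field layout and error-code bits it assumes are those of the x86 Linux kernel's segfault message.

```python
import re

# Layout of the x86 Linux kernel's "segfault" log line; numbers are hex except the tid.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<tid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<image>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear).
ERR_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "read"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved bit set", None),
    (0x10, "instruction fetch", None),
]

def decode_segfault(line):
    """Hypothetical helper: turn one kernel segfault line into a dict, or None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)
    access = [s if err & mask else c for mask, s, c in ERR_BITS]
    out = {
        "comm": m["comm"],            # task name of the faulting thread
        "tid": int(m["tid"]),         # thread ID of the faulting thread
        "fault_addr": int(m["addr"], 16),
        "ip": int(m["ip"], 16),
        "sp": int(m["sp"], 16),
        "access": [a for a in access if a],
        "image": m["image"],          # None when the kernel printed no mapping
    }
    if m["image"]:
        base = int(m["base"], 16)
        out["base"] = base
        out["offset_in_mapping"] = out["ip"] - base
    return out

# The line from the journalctl output quoted in this thread.
LINE = ("Sep 12 20:38:07 auto01-cs01 kernel: FM#01[74885]: segfault at 7fb800000089 "
        "ip 000000000050a1b3 sp 00007fb87d7f9a40 error 6 in suricata[400000+576000]")

if __name__ == "__main__":
    for key, val in decode_segfault(LINE).items():
        print(key, hex(val) if key not in ("comm", "tid", "access", "image") else val)
```

The bracketed number is the kernel's ID for the faulting thread, so it need not match the PID that received the SIGHUP.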